Search This Blog

Showing posts with label Card Skimming. Show all posts

More than 17,000 Domains Affected with Code which Steals Card Data



Cybercriminals running Magecart operations have added payment card skimming code to more than 17,000 domains with JavaScript files in misconfigured Amazon S3 buckets.

Cybercriminals exploited the lack of access control in Amazon's cloud storage services and affected over 17,000 domains via automated attacks which reconstructed JavaScript code randomly, without monitoring if the code could load a payment page.

The exploit came as a part of Megacart operations, originated in the month of April; attackers injected payment card skimming code to a high number of domains with JavaScript files in poorly configured Amazon S3 buckets which granted writing permissions to the person finding them.

According to the security researchers at RiskIQ, the discovery of these S3 buckets had been automated by the authors of the campaign.

Referencing from the findings made by Yonathan Klijnsma, RiskIQ's head of threat research, "Once the attackers find a misconfigured bucket, they scan it for any JavaScript file (ending in .js). They then download these JavaScript files, append their skimming code to the bottom, and overwrite the script on the bucket."

"Even if your bucket has information that anyone can access, it does not mean everyone should be able to modify the content," he added.

The fact that a large number of websites employing Amazon's cloud storage services fell short in fortifying access to the corresponding assets played a major role for Magecart campaign in realizing its malicious objectives.

Cybercriminals Preferring Audio Skimmers Over Flash Skimmers






There has been a rapid increase in the number of web skimming attacks since the advancements in the technological sector; it also resulted in excessive activity in the black market of physical card skimming tools.
Web skimming attacks are designed to capture critical financial data and card details like the name of the holder and sensitive numbers. It is when attackers connect their spying tool to a point-of-sale system (PoS) or an ATM in order to get access to the data that is processed from credit/debit cards via these machines.
The ever evolving ways of web skimming are one of the reasons why it is thriving and remains undetected,  professionals skimmers have formed closed communities which are organized to coordinate during skimming processes and assist the cashers, decoders, engineers, extractors, and vendors with whatever they need.
Advanced Intelligence, a New York based fraud prevention company reported that the usual targets are gas stations, ATMs or PoS terminals. Skimming includes unauthorized access to sensitive financial information for which the cybercriminals mainly rely on upgrades and advancements in technology to produce and circulate products which are unassailable and undetectable.
Another variant includes Audio Skimmers, which have been known to exist since 2010 and the technique employed in Audio Skimming is said to be existing since 1992. The devices involved store the data and encrypt it to capture it in MP3 format. The threat rate of Audio Skimmers multiplies with the camera attached to capture the PIN number and acting as a video skimmer.
Commenting on the matter, Yelisey Boguslaskiy, director of security research at AdvIntel, said, "They use timing-calculating algorithms to “reed” the audio when the card is been scanned by the ATM, which allows them to decode a track in 1-2 seconds and immediately convert it into text format,"
"Russian-speaking real carding communities have traditionally been exclusive and tight-lipped regarding their skimming operations. Skimming developers form exclusive trusted underground criminal networks thereby connecting talented engineers, their trusted sellers, and wealthy carder buyers of such tools,” further added.